The Cybersecurity Advisory of the National Security Agency (NSA)
has recently uncovered a critical Windows CryptoAPI Spoofing Vulnerability in
Windows 10 operating systems.
Dubbed NSACrypt, the security flaw found in the Crypt32.dll module
enables remote code execution and affects the way Windows verifies
Signed files and emails, HTTPS connections and signed executable
code launched as user-mode processes are some examples where the validation
process may be exploited by an attacker.
In a successful attack, “the user would have no way of knowing the
file was malicious, because the digital signature would appear to be from a
trusted provider,” said the report.
How can users and business protect their systems? As there is no
workaround for this type of vulnerability, the “NSA recommends installing all
January 2020 Patch Tuesday patches as soon as possible.” If automated patching
is not possible for enterprises, they should at least “prioritize patching
endpoints that provide essential or broadly replied-upon services” such as endpoints
directly exposed to the Internet or used by privileged users.
Mechele Gruhn, the head Security Program Manager from Microsoft
also confirmed the security flaw in separate blog post on Jan.
“This month we addressed the vulnerability CVE-2020-0601 in the
usermode cryptographic library, CRYPT32.DLL, that affects Windows 10 systems,”
said Gruhn. “This vulnerability is classed Important and we have not seen it
used in active attacks.”
Eight of the 49 vulnerabilities patched in the January 2020 Patch
Tuesday released by Microsoft are flagged critical.
Worthy mentions in this month’s batch of security updates are also
CVE-2020-0609 and CVE-2020-0610, two
remote execution bugs found in the RDP Gateway services that require no user
interactions to be exploited by unauthorized parties.
Although the no exploitation of the vulnerabilities has been
reported in the whild, it’s better to be safe than sorry, and downloading the
latest Windows update is highly recommended.